While most malware these days tries to work under the radar to avoid detection, a new species has been reported that wipes the drives of the systems it infects.
The Shamoon software carries out a two stage attack, according to an analysis by Israeli security firm Seculert. Once a system on a network is infected, the code scrapes data from other systems via network shares, including those not connected to the internet. It then wipes all the data on the target systems and overwrites the master boot record to brick the system.
The attack appears to be fairly localized, and Symantec reports that at least one energy company has been hit by the malware. It's not known if the code was responsible for the shutdown of the Saudi Arabian Oil Co network on Wednesday, although the Saudis say oil production was not harmed.
Shamoon's unusual operating technique has set tongues wagging that this code may be from the same school of writers as Flame. Kaspersky notes that both contain some similar file names, but points out that the similarities are fleeting and probably unrelated.
"It is more likely that this is a copycat, the work of a script kiddies inspired by the story. Nowadays, destructive malware is rare; the main focus of cybercriminals is financial profit. Cases like the one here do not appear very often," it said in a blog posting. ®